PatchSiren cyber security CVE debrief
CVE-2026-50590 Mimecast CVE debrief
CVE-2026-50590 is a vulnerability in Mimecast Incydr before version 2.6.0, allowing for arbitrary file access. The vulnerability has a CVSS score of 4.5, classified as MEDIUM severity. It was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-50590) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-50590).
- Vendor
- Mimecast
- Product
- Incydr
- CVSS
- MEDIUM 4.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of Mimecast Incydr before version 2.6.0 should apply the necessary updates to prevent arbitrary file access.
Technical summary
The vulnerability exists in Mimecast Incydr before 2.6.0, enabling unauthorized file access. The CVSS vector is CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N, with a primary weakness of CWE-732.
Defensive priority
Apply the update to Mimecast Incydr version 2.6.0 or later to mitigate the vulnerability.
Recommended defensive actions
- Update Mimecast Incydr to version 2.6.0 or later.
- Review and apply security patches as recommended by the vendor.
Evidence notes
Evidence suggests that the vendor is 'Unknown Vendor' with low confidence, and the product name is not specified. Further review is needed.
Official resources
-
CVE-2026-50590 CVE record
CVE.org
-
CVE-2026-50590 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-50590 was published on 2026-06-05T02:17:14.007Z and last modified on 2026-06-05T16:06:10.940Z.